<html>
<head><meta charset="utf-8"><title>safety-dance · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html">safety-dance</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="171394861"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171394861" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171394861">(Jul 22 2019 at 00:45)</a>:</h4>
<p>I gave up on naming <a href="https://github.com/rust-secure-code/safety-dance" target="_blank" title="https://github.com/rust-secure-code/safety-dance">https://github.com/rust-secure-code/safety-dance</a> and instead started opening issues about crates we want to audit, as well as the ones audited already.<br>
Output of <code>cargo-geiger</code> on <code>reqwest</code> crate is horrifying - it's mostly red, with <code>smallvec</code>, <code>arrayvec</code>, <code>slab</code> and even custom locking primitives with a total of 3 stars on github. I started opening issues just for transitive dependencies of <code>reqwest</code> but had to stop short. So if you ever need more crates to look at, just sift through transitive dependencies of <code>reqwest</code> and open issues on that repo.</p>



<a name="171394974"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171394974" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171394974">(Jul 22 2019 at 00:49)</a>:</h4>
<p>Are you making notes on unsafe patterns that could be done safely -- I'm hopeful we can turn some of these into clippy lints</p>



<a name="171395042"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395042" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395042">(Jul 22 2019 at 00:51)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> I would ~strongly recommend sticking a license file (even if it's just MIT or something) in the root by the way</p>



<a name="171395108"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395108" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395108">(Jul 22 2019 at 00:53)</a>:</h4>
<p>Oh yeah, good point. <span class="user-mention" data-user-id="132721">@Tony Arcieri</span> could you put a license on the repo and also provide a source / proper credits for the image?</p>



<a name="171395172"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395172" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395172">(Jul 22 2019 at 00:55)</a>:</h4>
<p>Re: notes on patterns: sort of. I guess I should start putting these in the repo itself.<br>
Mostly I'm noticing missing safe abstractions, documented here: <a href="https://github.com/rust-secure-code/safety-dance/issues/1#issuecomment-513589145" target="_blank" title="https://github.com/rust-secure-code/safety-dance/issues/1#issuecomment-513589145">https://github.com/rust-secure-code/safety-dance/issues/1#issuecomment-513589145</a><br>
But there is one cool pattern I've been shown recently: <a href="https://github.com/sile/libflate/pull/39/files" target="_blank" title="https://github.com/sile/libflate/pull/39/files">https://github.com/sile/libflate/pull/39/files</a><br>
Used to be <code>set_len()</code>, then I've opened a PR that started zero-initializing the slice, and then someone else showed me this trick with writing to a vector from a Read impl but still making it bounded</p>



<a name="171395303"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395303" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395303">(Jul 22 2019 at 00:59)</a>:</h4>
<p>Passing a buffer of uninitialized data to <code>read_exact()</code> is very common apparently</p>



<a name="171395431"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395431" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395431">(Jul 22 2019 at 01:03)</a>:</h4>
<p>Seems bad -- <code>io::Read</code>'s docs say you can't do that</p>



<a name="171395486"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395486" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395486">(Jul 22 2019 at 01:05)</a>:</h4>
<p>Yeah, docs started advising against that just recently, after I complained to RalfJung about that</p>



<a name="171395492"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171395492" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171395492">(Jul 22 2019 at 01:05)</a>:</h4>
<p>I'm pretty sure reqwest still does it</p>



<a name="171432319"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171432319" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171432319">(Jul 22 2019 at 13:55)</a>:</h4>
<p>re: the image, I know someone who knows someone who knows the artist. can try to vicariously get permission to use it. they don't seem to have social media presence and I don't know their contact details</p>



<a name="171434476"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171434476" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171434476">(Jul 22 2019 at 14:20)</a>:</h4>
<p>I am attempting to (vicariously) ask the artist for permission. If I can't get it I'll remove the image.</p>



<a name="171434501"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171434501" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171434501">(Jul 22 2019 at 14:20)</a>:</h4>
<p>re: licensing, should we just do the standard Apache-2.0 OR MIT?</p>



<a name="171434527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171434527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171434527">(Jul 22 2019 at 14:20)</a>:</h4>
<p>sure, or even simply MIT I think would be fine</p>



<a name="171434535"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171434535" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171434535">(Jul 22 2019 at 14:20)</a>:</h4>
<p>_a_ license is the important bit here :)</p>



<a name="171454357"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171454357" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171454357">(Jul 22 2019 at 18:19)</a>:</h4>
<p>Yeah I don't particularly care about the license either. Apache+MIT sounds good.</p>



<a name="171456512"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171456512" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171456512">(Jul 22 2019 at 18:43)</a>:</h4>
<p><a href="https://github.com/rust-secure-code/safety-dance/pull/10/files" target="_blank" title="https://github.com/rust-secure-code/safety-dance/pull/10/files">https://github.com/rust-secure-code/safety-dance/pull/10/files</a></p>



<a name="171456744"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171456744" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171456744">(Jul 22 2019 at 18:46)</a>:</h4>
<p>Approved. Fire when ready.</p>



<a name="171456808"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171456808" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171456808">(Jul 22 2019 at 18:47)</a>:</h4>
<p><span aria-label="rocket" class="emoji emoji-1f680" role="img" title="rocket">:rocket:</span></p>



<a name="171457706"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171457706" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171457706">(Jul 22 2019 at 18:58)</a>:</h4>
<p>Incoming! <a href="https://github.com/rust-secure-code/safety-dance/pull/11" target="_blank" title="https://github.com/rust-secure-code/safety-dance/pull/11">https://github.com/rust-secure-code/safety-dance/pull/11</a></p>



<a name="171458589"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171458589" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171458589">(Jul 22 2019 at 19:09)</a>:</h4>
<p>This effort is now weirdly split between this WG and people hanging out in #black-magic on community Discord</p>



<a name="171479085"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171479085" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171479085">(Jul 23 2019 at 00:06)</a>:</h4>
<p>regarding the Safety Dance logo, I have it on the word of a Rust core team member who contacted the original artist that it is in the public domain</p>



<a name="171479106"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171479106" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171479106">(Jul 23 2019 at 00:07)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> in which case, do you think it's ready to tweet? or were you planning on doing a blog post or something first?</p>



<a name="171480655"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171480655" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tom Phinney <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171480655">(Jul 23 2019 at 00:39)</a>:</h4>
<p>Yay! Love the Safety Dance logo. You are all free to use my analogy to dancing across hot coals in explaining why the "dance" metaphor is appropriate.</p>



<a name="171481058"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171481058" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171481058">(Jul 23 2019 at 00:48)</a>:</h4>
<p>haha</p>



<a name="171481075"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171481075" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171481075">(Jul 23 2019 at 00:49)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> if you make a blog post, be sure to link to the video <span aria-label="wink" class="emoji emoji-1f609" role="img" title="wink">:wink:</span> <a href="https://www.youtube.com/watch?v=AjPau5QYtYs" target="_blank" title="https://www.youtube.com/watch?v=AjPau5QYtYs">https://www.youtube.com/watch?v=AjPau5QYtYs</a></p>
<div class="youtube-video message_inline_image"><a data-id="AjPau5QYtYs" href="https://www.youtube.com/watch?v=AjPau5QYtYs" target="_blank" title="https://www.youtube.com/watch?v=AjPau5QYtYs"><img src="https://i.ytimg.com/vi/AjPau5QYtYs/default.jpg"></a></div>



<a name="171502478"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171502478" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171502478">(Jul 23 2019 at 09:25)</a>:</h4>
<blockquote>
<p>Seems bad -- <code>io::Read</code>'s docs say you can't do that</p>
</blockquote>
<p>that is, unless you know the <code>Read</code> impl that is being called, and made sure it does not and will not (in the future) read from <code>buf</code></p>



<a name="171532795"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171532795" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171532795">(Jul 23 2019 at 16:07)</a>:</h4>
<p>welp <span aria-label="wink" class="emoji emoji-1f609" role="img" title="wink">:wink:</span> <a href="https://twitter.com/rustsecurecode/status/1153698020724113409" target="_blank" title="https://twitter.com/rustsecurecode/status/1153698020724113409">https://twitter.com/rustsecurecode/status/1153698020724113409</a></p>
<div class="inline-preview-twitter"><div class="twitter-tweet"><a href="https://twitter.com/rustsecurecode/status/1153698020724113409" target="_blank"><img class="twitter-avatar" src="https://pbs.twimg.com/profile_images/1124827561760976896/bNhqe7uZ_normal.png"></a><p>Introducing the Rust Safety Dance, a project by the Secure Code WG to audit and potentially eliminate usages of unsafe from core ecosystem (and other) crates:

<a href="https://t.co/kdtWgK5Z26" target="_blank" title="https://t.co/kdtWgK5Z26">https://github.com/rust-secure-code/safety-dance</a> <a href="https://t.co/uys75CaX1z" target="_blank" title="https://t.co/uys75CaX1z">https://twitter.com/rustsecurecode/status/1153698020724113409/photo/1</a></p><span>- Rust Secure Code WG (@rustsecurecode)</span><div class="twitter-image"><a href="https://t.co/uys75CaX1z" target="_blank" title="https://t.co/uys75CaX1z"><img src="https://pbs.twimg.com/media/EALCO9oVUAA0Hfk.png:thumb"></a></div></div></div>



<a name="171538777"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171538777" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171538777">(Jul 23 2019 at 17:23)</a>:</h4>
<p>I'm not planning to make a blog post. Sadly I don't have the time, with being offline for a while and all that. I can help out again late August - early September.</p>



<a name="171545817"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171545817" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171545817">(Jul 23 2019 at 18:40)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> no worries, I was just curious if I should wait to tweet the link to the blog post first, if there were one. but... too late! already just tweeted the repo, and @RustLang retweeted it, so I think we're good</p>



<a name="171545825"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171545825" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171545825">(Jul 23 2019 at 18:40)</a>:</h4>
<p>any thoughts on this? <a href="https://github.com/rust-secure-code/safety-dance/pull/15" target="_blank" title="https://github.com/rust-secure-code/safety-dance/pull/15">https://github.com/rust-secure-code/safety-dance/pull/15</a></p>



<a name="171545836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171545836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171545836">(Jul 23 2019 at 18:40)</a>:</h4>
<p>viral marketing! <span aria-label="sweat smile" class="emoji emoji-1f605" role="img" title="sweat smile">:sweat_smile:</span></p>



<a name="171548814"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171548814" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171548814">(Jul 23 2019 at 19:11)</a>:</h4>
<p>Sounds good to me</p>



<a name="171631596"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171631596" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> JP Sugarbroad <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171631596">(Jul 24 2019 at 18:37)</a>:</h4>
<p>I've seen reference to a number of crates that help people avoid unsafe, like take_mut, owning_ref, and rental. Is safety-dance a good place to start cataloging them, like a "how to avoid unsafe" guide?</p>



<a name="171631735"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171631735" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171631735">(Jul 24 2019 at 18:39)</a>:</h4>
<p>sounds like a good idea to me. maybe put them in the README or perhaps a separate .md file linked from the README...</p>



<a name="171632829"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171632829" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171632829">(Jul 24 2019 at 18:54)</a>:</h4>
<p>does this mean they have been reviewed carefully by someone who is not their primary author to make sure they are not unsound?</p>



<a name="171634284"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171634284" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171634284">(Jul 24 2019 at 19:14)</a>:</h4>
<p>perhaps we should open an issue to compile and discuss which ones should get included in a list</p>



<a name="171674612"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171674612" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Florian Gilcher <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171674612">(Jul 25 2019 at 09:04)</a>:</h4>
<p>Are there any qualifications you need for writing that blog post? I could find someone to write it for you and put it on the blog post.</p>
<p>/cc <span class="user-mention" data-user-id="132721">@Tony Arcieri</span> <span class="user-mention" data-user-id="127617">@Shnatsel</span></p>



<a name="171696941"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/171696941" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#171696941">(Jul 25 2019 at 14:37)</a>:</h4>
<p><span class="user-mention" data-user-id="215333">@Florian Gilcher</span> not particularly, just enough background on what the project is and what its goals are to promote it</p>



<a name="174126329"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174126329" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174126329">(Aug 26 2019 at 09:21)</a>:</h4>
<p>Are you guys aware of the list we (the UCG WG) are maintaining at <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/158" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/158">https://github.com/rust-lang/unsafe-code-guidelines/issues/158</a> ? As part of safety-dance y'all are seeing a lot of real-world unsafe code out there, and I think (if that's something you'd like to do) it would be very helpful to use that to "cartograph" the less clear corners of the Rust unsafe code rules. Don't hesitate to open a thread in the UCG stream here on Zulip (<a class="stream" data-stream-id="136281" href="/#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines">#t-lang/wg-unsafe-code-guidelines</a>), open an issue in the <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/158" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/158">UCG repo</a> or Cc me (<code>@RalfJung</code> on GH) when there are questions about whether some concrete piece of unsafe code is UB or not.</p>



<a name="174624362"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174624362" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174624362">(Aug 31 2019 at 16:28)</a>:</h4>
<p>I'm going to kick safety-dance into a higher gear by promoting it on Reddit. Before I invite more people to join I want to get the docs and processes up to scratch. Please check this out and let me know if it looks OK to you:<br>
<a href="https://github.com/rust-secure-code/safety-dance/issues/20" target="_blank" title="https://github.com/rust-secure-code/safety-dance/issues/20">https://github.com/rust-secure-code/safety-dance/issues/20</a></p>



<a name="174624517"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174624517" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174624517">(Aug 31 2019 at 16:33)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> just make sure you wait a little bit... Reddit is currently having a ton of issues due to the us-east-1 outage</p>



<a name="174624569"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174624569" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174624569">(Aug 31 2019 at 16:34)</a>:</h4>
<p>Good call. It's gonna take a while for me to write some docs anyway. Probably not gonna post until tomorrow</p>



<a name="174624632"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174624632" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174624632">(Aug 31 2019 at 16:36)</a>:</h4>
<p>The number of people subscribed to safety-dance and immediately responding to issues is already impressive</p>



<a name="174627793"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174627793" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174627793">(Aug 31 2019 at 18:14)</a>:</h4>
<p>Initial trophy case up: <a href="https://github.com/rust-secure-code/safety-dance/pull/23" target="_blank" title="https://github.com/rust-secure-code/safety-dance/pull/23">https://github.com/rust-secure-code/safety-dance/pull/23</a><br>
Just the stuff I've been involved with for now, to establish the structure. Once I merge this everyone is encouraged to add their contributions!</p>



<a name="174628025"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174628025" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174628025">(Aug 31 2019 at 18:22)</a>:</h4>
<p>OK it's merged. Please open PRs for your contributions!</p>



<a name="174628658"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174628658" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174628658">(Aug 31 2019 at 18:43)</a>:</h4>
<p>Also my "new advisory" sense is tingling: <a href="https://github.com/image-rs/image/pull/985" target="_blank" title="https://github.com/image-rs/image/pull/985">https://github.com/image-rs/image/pull/985</a></p>



<a name="174629059"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174629059" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174629059">(Aug 31 2019 at 18:57)</a>:</h4>
<p>indeed</p>



<a name="174670580"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/174670580" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#174670580">(Sep 01 2019 at 17:53)</a>:</h4>
<p>I've opened a PR to update mission statement for safety-dance, please let me know if it makes sense or if it can be improved: <a href="https://github.com/rust-secure-code/safety-dance/pull/28/files" target="_blank" title="https://github.com/rust-secure-code/safety-dance/pull/28/files">https://github.com/rust-secure-code/safety-dance/pull/28/files</a></p>



<a name="175085790"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175085790" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175085790">(Sep 06 2019 at 17:34)</a>:</h4>
<p>Safety dance is getting so much attention that we're almost done with the crates we've picked for auditing already! We need some more popular crates to look at!</p>



<a name="175085842"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175085842" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175085842">(Sep 06 2019 at 17:35)</a>:</h4>
<p>And that's before I even started widely promoting it. It's never even been posted to Reddit</p>



<a name="175086017"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175086017" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175086017">(Sep 06 2019 at 17:37)</a>:</h4>
<p>What I really wanted to say is "Please throw some more crates at it!"</p>



<a name="175090471"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175090471" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175090471">(Sep 06 2019 at 18:26)</a>:</h4>
<p>the amount of unsafe relative to the complexity (and the fact that headers are such an easy thing for an attacker to poke at) always made me really worried about <a href="https://github.com/hyperium/http/blob/master/src/header/map.rs" target="_blank" title="https://github.com/hyperium/http/blob/master/src/header/map.rs">https://github.com/hyperium/http/blob/master/src/header/map.rs</a></p>



<a name="175090506"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175090506" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175090506">(Sep 06 2019 at 18:27)</a>:</h4>
<p>i can file an issue for it after lunch i guess, or someone else can</p>



<a name="175090552"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175090552" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175090552">(Sep 06 2019 at 18:27)</a>:</h4>
<p>that's most of the unsafe in that crate last time i looked, but it's... large, complex, and the unsafe seems to rely on a bunch of tricky invariants</p>



<a name="175185846"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175185846" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175185846">(Sep 08 2019 at 14:03)</a>:</h4>
<p><strong>Everyone:</strong> looks like safety-dance is almost ready for wider promotion! We just need to pick more crates for auditing - most of what we have picked on the issue tracker is already partially or mostly done.</p>



<a name="175185899"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175185899" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175185899">(Sep 08 2019 at 14:04)</a>:</h4>
<p>Please add some important crates! (But preferably not async ones because those are under a lot of churn right now due to upcoming async/await)</p>



<a name="175467527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175467527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175467527">(Sep 11 2019 at 19:32)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> if you're interested in doing a Safety Dance blog post, <span class="user-mention" data-user-id="116009">@nikomatsakis</span> was talking about setting up a shared "Team Blog" where we could promote it</p>



<a name="175468251"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175468251" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175468251">(Sep 11 2019 at 19:39)</a>:</h4>
<p><a href="https://github.com/rust-lang/blog.rust-lang.org/pull/402" target="_blank" title="https://github.com/rust-lang/blog.rust-lang.org/pull/402">https://github.com/rust-lang/blog.rust-lang.org/pull/402</a></p>



<a name="175483547"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175483547" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175483547">(Sep 11 2019 at 22:59)</a>:</h4>
<p>I do think we could use a WG blog to announce stuff like safety dance. Partly because I'm annoyed by the popups that Medium shows these days.<br>
I'm not 100% confident it's a good idea to put it under <a href="http://rust-lang.org" target="_blank" title="http://rust-lang.org">rust-lang.org</a> domain. It makes it a bit too official for my liking, too much responsibility.</p>



<a name="175483792"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175483792" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175483792">(Sep 11 2019 at 23:02)</a>:</h4>
<p>For example: I am mostly single-handedly driving safety-dance, and if I mess up I kinda want it to be just me who messes up, or a relatively obscure WG, and not the entire Rust org as a whole</p>



<a name="175483866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/175483866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#175483866">(Sep 11 2019 at 23:03)</a>:</h4>
<p>Or maybe I should just get more people to sanity check whatever I'm doing with safety dance, then we'll be fine</p>



<a name="179636062"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179636062" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179636062">(Nov 01 2019 at 15:35)</a>:</h4>
<p>" it would require a fixed-capacity Vec-like view of memory. I'll need to write an RFC for one at some point." <span class="user-mention" data-user-id="127617">@Shnatsel</span></p>



<a name="179636070"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179636070" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179636070">(Nov 01 2019 at 15:35)</a>:</h4>
<p>what does that mean exactly?</p>



<a name="179636075"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179636075" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179636075">(Nov 01 2019 at 15:35)</a>:</h4>
<p>does <code>heapless::Vec</code> work?</p>



<a name="179638243"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179638243" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179638243">(Nov 01 2019 at 15:59)</a>:</h4>
<p>Probably. There's a bunch of those around but no definitive implementation. Since it is also needed for a safer Read trait and the impl is very complex I'm pretty sure it needs to be in <code>std</code>.<br>
Other known impls of this idea:<br>
 -  <a href="https://crates.io/crates/buffer" target="_blank" title="https://crates.io/crates/buffer">https://crates.io/crates/buffer</a><br>
 -  <a href="https://crates.io/crates/uninit" target="_blank" title="https://crates.io/crates/uninit">https://crates.io/crates/uninit</a><br>
 -  <a href="https://crates.io/crates/static-alloc" target="_blank" title="https://crates.io/crates/static-alloc">https://crates.io/crates/static-alloc</a></p>



<a name="179638462"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179638462" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179638462">(Nov 01 2019 at 16:01)</a>:</h4>
<p>Actually, <code>heapless::Vec</code> will not work because it's always on the stack while we want to have a non-owning view of arbitrary slice of <code>MaybeUninit&lt;T&gt;</code></p>



<a name="179641497"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179641497" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179641497">(Nov 01 2019 at 16:34)</a>:</h4>
<p>This abstraction really needs to be in <code>std</code> because we need multiple crates to agree on it. For example, <code>flate2</code> would both pass it to <code>miniz_oxide</code> backend <em>and</em> accept such a view from client code, so we have a stack of 3 different crates passing it to each other</p>



<a name="179641540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179641540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179641540">(Nov 01 2019 at 16:35)</a>:</h4>
<p>does <code>io::Cursor</code> on a fixed-sized array work?</p>



<a name="179642325"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179642325" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179642325">(Nov 01 2019 at 16:44)</a>:</h4>
<p>Uuuh, sorta? I'm not sure if it's OK to have <code>MaybeUninit&lt;T&gt;</code> as the backing storage for <code>Cursor</code>.<br>
And you would still need some <code>unsafe</code> to e.g. get the initialized portion as a slice, or apply changed length to Vec when the backing storage came from a Vec, but that might be possible to encapsulate. Still, doesn't sound very obvious or ergonomic to me.</p>



<a name="179655024"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179655024" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179655024">(Nov 01 2019 at 19:06)</a>:</h4>
<p><strong>It's happening</strong><br>
<a href="https://www.reddit.com/r/rust/comments/dq8df4/announcing_safetydance_removing_unnecessary/" target="_blank" title="https://www.reddit.com/r/rust/comments/dq8df4/announcing_safetydance_removing_unnecessary/">https://www.reddit.com/r/rust/comments/dq8df4/announcing_safetydance_removing_unnecessary/</a></p>



<a name="179668768"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179668768" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179668768">(Nov 01 2019 at 21:52)</a>:</h4>
<p>nice post. seems to be garnering a decent amount of attention</p>



<a name="179671470"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179671470" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179671470">(Nov 01 2019 at 22:33)</a>:</h4>
<p>Yeah, seems to be working. After the flop of the 2019 goals blog post I was afraid I was losing my touch, but apparently not <span aria-label="sweat smile" class="emoji emoji-1f605" role="img" title="sweat smile">:sweat_smile:</span></p>



<a name="179674743"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179674743" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179674743">(Nov 01 2019 at 23:41)</a>:</h4>
<p>Yeah it's <a href="https://github.com/rust-lang/rust/issues/1" target="_blank" title="https://github.com/rust-lang/rust/issues/1">#1</a> link on Rust subreddit now <span aria-label="big smile" class="emoji emoji-1f604" role="img" title="big smile">:big_smile:</span></p>



<a name="179717178"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179717178" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179717178">(Nov 02 2019 at 20:20)</a>:</h4>
<p>By the way, people seem to like the safety-dance name and logo, so thanks to <span class="user-mention" data-user-id="132721">@Tony Arcieri</span> for finding those!</p>



<a name="179723510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179723510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jacob Rosenthal <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179723510">(Nov 02 2019 at 23:32)</a>:</h4>
<p>Heapless offers static<br>
// in a <code>static</code> variable<br>
// (because <code>const-fn</code> has not been fully stabilized you need to use the helper structs in<br>
// the <code>i</code> module, which must be wrapped in a tuple struct)<br>
static mut XS: Vec&lt;u8, U8&gt; = Vec(heapless::i::Vec::new());</p>



<a name="179967210"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/safety-dance/near/179967210" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/safety-dance.html#179967210">(Nov 05 2019 at 19:25)</a>:</h4>
<p>This is relevant to our interests: <a href="https://github.com/rust-lang/rfcs/pull/2802" target="_blank" title="https://github.com/rust-lang/rfcs/pull/2802">https://github.com/rust-lang/rfcs/pull/2802</a></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>